识别用户名但不识别密码

时间:2013-06-03 16:20:36

标签: vb.net visual-studio-2010 sql-server-2008

我已经在其中设置了一个包含虚拟帐户的数据库。我的登录页面能够识别用户名,但 密码。我已经仔细检查了密码并且它们是正确的。不知道为什么它只看到用户名。请指教。

我的数据库如下所示:
用户ID 用户名 密码名字 电子邮件
2 barb@hotmail.com coo1Talk李倒钩barb@hotmail.com
3 esther@hotmail.com k1dd13谈埃丝特esther@hotmail.com

这是我的代码隐藏文件:

Imports System
Imports System.Collections.Generic
Imports System.Linq
Imports System.Web
Imports System.Web.UI
Imports System.Web.UI.WebControls
Imports System.Data.SqlClient
Imports System.Configuration

Partial Class SignIn
Inherits System.Web.UI.Page
Protected Sub Page_Load(ByVal sender As Object, ByVal e As EventArgs)

End Sub
    Protected Sub signinBTN_Click(ByVal sender As Object, ByVal e As System.EventArgs)
    Dim sConnection As New SqlConnection(ConfigurationManager.ConnectionStrings("TrackTicketsConnectionString2").ConnectionString)
    sConnection.Open()

    Dim cmdS As String = "Select count(*) from Users where UserName='" + usernameTXTBOX.Text + "' AND Deleted='N'"

    Dim cmdCheckUser As New SqlCommand(cmdS, sConnection)
    Dim num As Integer = Convert.ToInt32(cmdCheckUser.ExecuteScalar().ToString())
    If num = 1 Then
        Dim cmdS1 As String = "Select * From Users WHERE UserName='" + usernameTXTBOX.Text + "' AND Deleted='N' AND Password='" + passwordTXTBOX.Text + "'"
        Dim pass As New SqlCommand(cmdS1, sConnection)
        Dim password As String = pass.ExecuteScalar().ToString()

        If password = passwordTXTBOX.Text Then
            Session("Ticket") = usernameTXTBOX.Text
            Response.Redirect("mysupport.aspx")
        Else
            userCOMPARELBL.Visible = True
            userCOMPARELBL.Text = "Password is incorrect."
        End If
    Else
        userCOMPARELBL.Visible = True
        userCOMPARELBL.Text = "Username is incorrect."
    End If

End Sub

End Class

我期望的结果是用户可以成功登录并重定向到另一个名为support.aspx的页面。

1 个答案:

答案 0 :(得分:1)

1)我知道这不是主题但是...... Use Parameterized queries!!

2)数据库中的Deleted是否设置为“N”?

已删除='N'

3)现在,如果您的密码与文本框匹配,则表示您正在重定向支持。我认为这不是预期的行为。

现在代码:

   If password = passwordTXTBOX.Text Then
            Session("Ticket") = usernameTXTBOX.Text
            Response.Redirect("mysupport.aspx")
        Else
            userCOMPARELBL.Visible = True
            userCOMPARELBL.Text = "Password is incorrect."
        End If

修正:

If password.Equals(passwordTXTBOX.Text) Then
              userCOMPARELBL.Visible = True
            userCOMPARELBL.Text = "Password is incorrect."
        Else
   Session("Ticket") = usernameTXTBOX.Text
            Response.Redirect("mysupport.aspx")

        End If
相关问题
最新问题